ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE
Stef Bon
stef at bononline.nl
Fri Jul 23 09:16:43 PDT 2010
On 07/23/2010 05:05 PM, David Zeuthen wrote:
> Hi,
>
> On Thu, Jul 22, 2010 at 10:30 PM, Lennart Poettering<mzqohf at 0pointer.de> wrote:
>
>
>> Also, it's not trustable
>> information. Everybody can just creat his own random session if he feels
>> like it. Since this id is supposed to be used for policy this is a bit
>> strange.
> Of course XDG_SESSION_COOKIE is a secure mechanism (what I guess you
> mean with the word "trustable"). Well, of course, anyone can set
> $XDG_SESSION_COOKIE to whatever they want - but that doesn't matter
> because users of this environment variable should always be checked
> against the ConsoleKit database.
>
> I'm not at all opposed to moving to the audit session id. But please
> look at things in context before making clever statements (and never
> forget that the failure more of "clever" usually is "jerk") and please
> check your facts before making grandiose statements.
Yes, I do agree with your statement. I noticed before that Lennart
sometimes is not very polite, by doing bold statements.
Stef
More information about the dbus
mailing list